## Summary
Fix high severity security issue in `src/modules/h350/h350_exp_fn.c`.

## Vulnerability
| Field | Value |
|-------|-------|
| **ID** | V-004 |
| **Severity** | HIGH |
| **Scanner** | multi_agent_ai |
| **Rule** | `V-004` |
| **File** | `src/modules/h350/h350_exp_fn.c:38` |

**Description**: The H350 module constructs LDAP filters using SIP URI values 
via string formatting with the H350_SIPURI_LOOKUP_LDAP_FILTER macro. While the 
variable name 'sip_uri_escaped' suggests some escaping is applied, the escaping 
mechanism may not cover all LDAP special characters per RFC 4515 (*, (, ), \, 
NUL), potentially allowing LDAP injection through crafted SIP headers.

## Changes
- `src/modules/ldap/ldap_escape.c`
- `src/modules/h350/h350_exp_fn.c`

## Verification
- [x] Build passes
- [x] Scanner re-scan confirms fix
- [x] LLM code review passed

---
*Automated security fix by [OrbisAI Security](https://orbisappsec.com)*

You can view, comment on, or merge this pull request online at:

  https://github.com/kamailio/kamailio/pull/4750

-- Commit Summary --

  * fix: V-004 security vulnerability

-- File Changes --

    M src/modules/h350/h350_exp_fn.c (4)
    M src/modules/ldap/ldap_escape.c (5)

-- Patch Links --

https://github.com/kamailio/kamailio/pull/4750.patch
https://github.com/kamailio/kamailio/pull/4750.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/4750
You are receiving this because you are subscribed to this thread.

Message ID: <kamailio/kamailio/pull/[email protected]>
_______________________________________________
Kamailio - Development Mailing List -- [email protected]
To unsubscribe send an email to [email protected]
Important: keep the mailing list in the recipients, do not reply only to the 
sender!

Reply via email to